Computer SecurityWhy Worry About security?Reported IncidentsReported VulnerabilitiesSecurityMotivesCriminal ProfileThreat PyramidPhysical SecuritySlide 10VulnerabilitiesSoftware ThreatsDeliveryCrackingSocial EngineeringDefensesHow much security?Best PracticesSlide 19Slide 20Create Strong Pass PhrasesSlide 22Best practicesProtect Your PrivacySlide 25Hacker HuntingCaptain, We've Been Boarded!Forensic Tools and InformationLab AssignmentSlide 30Slide 311Computer SecurityComputer SecurityThreats, Detection, and Threats, Detection, and PreventionPrevention22Why Worry About security?Why Worry About security?33Reported IncidentsReported Incidents44Reported VulnerabilitiesReported Vulnerabilities55SecuritySecurityComputerComputer•PhysicalPhysical•SoftwareSoftwarePeoplePeopleNetworkNetwork•WiredWired•WirelessWireless66MotivesMotivesPersonalPersonal•Joy or thrillJoy or thrill•Net credNet cred•Revenge – spouse, employeeRevenge – spouse, employeeProfitProfit•BlackmailBlackmail•Competition/Business secretsCompetition/Business secretsIdeologicalIdeological•PoliticalPolitical•SocialSocial•ReligiousReligious77Criminal ProfileCriminal ProfileHackerHackerCrackerCrackerWhite-collar crimeWhite-collar crimeCon artistCon artistPsychological Psychological problemsproblems•StalkerStalker•TerroristTerrorist•FanaticsFanaticsScriptkiddyScriptkiddy88Threat PyramidThreat PyramidScriptScriptKidsKidsModerateModerateAggressiveAggressiveGovernmentsGovernments1M’s1M’s10K’s10K’s1K’s1K’s100’s100’sSource: Source: Tom Perrine, SDSCTom Perrine, SDSCSecurity as InfrastructureSecurity as Infrastructure99Physical SecurityPhysical SecurityTrashTrash•OfficeOffice•Dumpster divingDumpster divingComputer accessComputer access•Not logged off computer or lockedNot logged off computer or locked•BIOS and Boot not secureBIOS and Boot not securePasswords written downPasswords written downUnsecured laptopsUnsecured laptopsDocuments not secure in cabinets Documents not secure in cabinets1010Physical SecurityPhysical Security1111VulnerabilitiesVulnerabilitiesProgramming errorsProgramming errors•Buffer overrunsBuffer overruns•Integer overflowsInteger overflows•Poor access controlPoor access control•Stack errorsStack errorsPoor designPoor design•Poor access controlPoor access control•Monolithic vs modular Monolithic vs modular •Unexpected behaviorUnexpected behaviorQuality controlQuality control•CorporationsCorporations•Small BusinessesSmall Businesses•IndividualsIndividuals1212Software ThreatsSoftware ThreatsVirusesVirusesWormsWormsTrojansTrojansLogic bombsLogic bombsRootkitsRootkits1313DeliveryDeliverySoftwareSoftware•SpywareSpyware•AdwareAdware•MalwareMalwareMediaMediaEmailEmailSpamSpamWebsitesWebsites1414CrackingCrackingDictionaryDictionaryBrute forceBrute forceHybridHybridCracking is time Cracking is time consuming and consuming and requires great requires great computing powercomputing power1515Social EngineeringSocial EngineeringFriendshipFriendshipAuthorityAuthoritySnoopingSnoopingGuiltGuiltTrustTrustTimeTimePolitenessPolitenessPhishingPhishingHoaxesHoaxesShoulder SurfingShoulder Surfing1616DefensesDefensesAnti-virus softwareAnti-virus software•SymantecSymantec•McAfeeMcAfee•F-SecureF-Secure•PandaPandaPopup blockersPopup blockers•BrowsersBrowsers•Stand aloneStand aloneSoftware FirewallsSoftware Firewalls•SymantecSymantec•WindowsWindows•ComodoComodo•Zone AlarmZone AlarmAnti-spywareAnti-spyware•Windows DefenderWindows Defender•Ad-AwareAd-AwareAnti-spamAnti-spam•Built in to email clientBuilt in to email client•Stand aloneStand alone1717How much security?How much security?SecuritySecurityEase of UseEase of UseBeware of Security through Beware of Security through Obscurity!!!Obscurity!!!1818Best PracticesBest PracticesPhysical securityPhysical security•Lock your office doorLock your office door•Lock your PCLock your PC•Lock your documentsLock your documents•Use a shredderUse a shredder•Secure your laptopSecure your laptop•Check PC for suspicious Check PC for suspicious devicesdevices•BIOS and Boot orderBIOS and Boot order•Use common senseUse common sense1919Best PracticesBest PracticesUpdate softwareUpdate software•OSOS•Anti’sAnti’s•ApplicationsApplicationsUpdate FirmwareUpdate Firmware•BIOSBIOS•Network devicesNetwork devicesMicrosoft Baseline Microsoft Baseline Security AnalyzerSecurity Analyzer2020Best PracticesBest PracticesUser discretionUser discretion•Scan email Scan email attachments and attachments and downloads before downloads before opening or startingopening or starting•Be wary of Be wary of unsolicited helpunsolicited help•Avoid seedy Avoid seedy websites and websites and servicesservicesContinuedContinued•Be cautious of Be cautious of unsolicited email unsolicited email even from trusted even from trusted sourcessources•Don’t advertise Don’t advertise personal personal informationinformation•Control accessControl access2121Create Strong Pass PhrasesCreate Strong Pass Phrases•msd10171965msd10171965PoorPoor•ardl79BEf76357ardl79BEf7635714 spaces14 spacesHard to rememberHard to rememberGoodGood•MydogSkiplovestoplayfetcheverydayMydogSkiplovestoplayfetcheveryday33 spaces33 spacesEasier to rememberEasier to rememberBetterBetter•Myd0gSkipluvs2playfetchev3rydayMyd0gSkipluvs2playfetchev3ryday31 spaces31 spacesEasier to rememberEasier to rememberLimit Duplicate letters –substitute with numbers, Limit Duplicate letters –substitute with numbers, punctuation, or special characterspunctuation, or special charactersBestBest2222Best PracticesBest PracticesUnderstand system Understand system behaviorbehavior•Know what is Know what is normal to establish normal to establish a baselinea baseline•Monitor system Monitor system resourcesresources•Be proactiveBe proactive2323Best practicesBest practicesSecure your dataSecure your data•Back up your dataBack up your data•Store backup in Store backup in secure locationsecure location•Back up oftenBack up often•Separate system Separate system from datafrom data2424Protect Your PrivacyProtect Your PrivacyEncryptionEncryption•PGP emailPGP email•Folders and filesFolders and